The Console object supports secure password entry through its readPassword method. This method helps secure password entry in two ways. First, it suppresses echoing, so the password is not visible on the user's screen. Second, readPassword returns a character array, not a String, so the password can be overwritten, removing it from memory as soon as it is no longer needed.

The idea here is that you can call Arrays.fill (or equivalent) to "blank" the char array as soon as you've validated the password, and from that point the password is no longer stored in memory. Since Strings are immutable, the String will remain in the heap until it is garbage collected - which if it manages to get itself interned will be never, and in any other case could still be "too long". All the while it is there, it's potentially vulnerable to sniffing from a variety of vectors.

Related Articles

How does a C# Timer Object decide when an elapsed amount of time has occurred? I am wondering if it simply loops or is more intelligent than this. Also, it would be good to know where to find the C# Source Code to have a look through.The .NET BCL has

I'm amazed at how good Docker's caching of layers works but I'm also wondering how it determines whether it may use a cached layer or not. Let's take these build steps for example: Step 4 : RUN npm install -g node-gyp ---> Using cache ---> 3fc59f47f

I am curious as to how SignalR maps a request to the Hub? How does it select which Hub to use? Where is the name of the hub in the request? Additionally, how does it select which action in the hub gets to handle the request? Is that part of the reque

How to write a function to determine the population count of a 16-bit integer using php or javascript. Population count is defined as the number of bits that are "turned on," or in others, it is the number of 1s in a binary representation of a n

The following is an example taken from Facebook's authentication page. What is the idea behind adding data to the session and then redirecting to a URL using javascript? Also why do an md5 hash of a uniqid? <?php $app_id = "YOUR_APP_ID"; $app

I am just wondering what the Java VM does with a Try-Catch. How does it execute it? My best guess is that it is like a Linux system which when installing something does a test run and if no errors are found asks the user if he/she wants to proceed. I

This question already has an answer here: How does std::end know the end of an array? 3 answers A problem in C++ primer, when begin and end work on vector I know there is vector::size() could help, but how do they work when I just give an array argum

I have a quick question: I downloaded an iOS application that uses the NSFileProtectionComplete class to protect a sqlite file that contains sensitive information. According to the iOS security documentation (http://images.apple.com/ipad/business/doc

On http://developer.android.com/guide/publishing/licensing.html, under section "Replacement for Copy Protection" it says: A limitation of the legacy Copy Protection mechanism on Android Market is that applications using it can be installed only

I have a few years experience programming c++ and a little less then that using Qt. I built a data mining software using Qt and I want to make it available online. Unfortunately, I know close to nothing about web programming. Firstly, how easy or har

In a promise library bluebird have function promisifyAll or other similar libraries that claim to convert async functions with callback patterns into promise based ie. resolve(), reject(), or done()..So how does it work? For example: function myAsync

This question may be a silly one or may be a duplicate. I am confused with how the variables are retrieved from stack when program is referring to that variable. An object is stored in heap and the location is stored in the reference variable and the

What does (number & number) mean? I am trying to read someone's code written in JavaScript and came over with if(misc & 0x800) {//...} //0x800 is 2048 when converted to decimal Where var misc = 16400; //or some other number which continuously chan